--noexec

author: netblue30 <netblue30@yahoo.com> 2016-07-10 10:08:53 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-07-10 10:08:53 -0400
commit: a344c555ff282c23a8274d10ad0f75eb4fae6836 (patch)
tree: b86fde69dc1cb71a476745c974196735d694952a /src/man/firejail.txt
parent: noexec inside /var directory (diff)
download: firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.tar.gz
firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.tar.zst
firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 7c9cd98de..cd9ea6a8a 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -851,6 +851,21 @@ $ nc dict.org 2628
 220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64
 .br
 .TP
+\fB\-\-noexec=dirname_or_filename
+Remount directory or file noexec, nodev and nosuid.
+.br
+.br
+Example:
+.br
+$ firejail \-\-noexec=/tmp
+.br
+.br
+/etc and /var are noexec by default. If there are more than one mount operation
+on the path of the file or directory, noexec should be applied to the last one. Always check if the change took effect inside the sandbox.
+.TP
 \fB\-\-nogroups
 Disable supplementary groups. Without this option, supplementary groups are enabled for the user starting the
 sandbox. For root user supplementary groups are always disabled.
author	netblue30 <netblue30@yahoo.com>	2016-07-10 10:08:53 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-07-10 10:08:53 -0400
commit	a344c555ff282c23a8274d10ad0f75eb4fae6836 (patch)
tree	b86fde69dc1cb71a476745c974196735d694952a /src/man/firejail.txt
parent	noexec inside /var directory (diff)
download	firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.tar.gz firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.tar.zst firejail-a344c555ff282c23a8274d10ad0f75eb4fae6836.zip

diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 7c9cd98de..cd9ea6a8a 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -851,6 +851,21 @@ $ nc dict.org 2628
851	220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64	851	220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64
852	.br	852	.br
853	.TP	853	.TP
		854	\fB\-\-noexec=dirname_or_filename
		855	Remount directory or file noexec, nodev and nosuid.
		856	.br
		857
		858	.br
		859	Example:
		860	.br
		861	$ firejail \-\-noexec=/tmp
		862	.br
		863
		864	.br
		865	/etc and /var are noexec by default. If there are more than one mount operation
		866	on the path of the file or directory, noexec should be applied to the last one. Always check if the change took effect inside the sandbox.
		867
		868	.TP
854	\fB\-\-nogroups	869	\fB\-\-nogroups
855	Disable supplementary groups. Without this option, supplementary groups are enabled for the user starting the	870	Disable supplementary groups. Without this option, supplementary groups are enabled for the user starting the
856	sandbox. For root user supplementary groups are always disabled.	871	sandbox. For root user supplementary groups are always disabled.